CVE-2016-8631

MEDIUM

OpenShift Enterprise 3 - Route Overwrite via Improper Route Sorting

Title source: llm
STIX 2.1

Description

The OpenShift Enterprise 3 router does not properly sort routes when processing newly added routes. An attacker with access to create routes can potentially overwrite existing routes and redirect network traffic for other users to their own site.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94110
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:2696
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8631

Scores

CVSS v3 6.3
EPSS 0.0110
EPSS Percentile 61.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-20
Status published
Products (2)
redhat/openshift 3.0
redhat/openshift 3.3
Published Jul 31, 2018
Tracked Since Feb 18, 2026